8/26/2014

What's Available / Not Available in Office 365 SharePoint Online?

 

Nice comparison of SharePoint Online editions showing what's available in each edition. To see what's missing in SharePoint Online, scan the rows where every item is "No"!

SharePoint Online Service Description: http://technet.microsoft.com/en-us/library/sharepoint-online-service-description.aspx

 

.

8/21/2014

SharePoint Saturday Columbus–this Saturday!

 

Time flies when you are having fun, or working too much. Our next regional SharePoint Saturday is this weekend, 8/23/14, in Columbus. I will be speaking on SharePoint / Office 365 Governance.

See here for schedules and registration: http://www.spsevents.org/city/columbus/columbus2014

And don't forget the Cincinnati and the Louisville SharePoint Saturdays in October!

 

SharePoint Office 365 Governance... Should you do it? Can you do it?

Track: IT Pro, End-User, Business

SharePoint’s greatest strengths – flexibility and ease of use – can also become its greatest weaknesses if you don’t adequately plan for tremendous growth and proliferation of SharePoint sites/usage. Office 365 greatly expands the governance challenges as it is so easy for anyone to create a new 365 subscription.

Topics will include:
• SharePoint Governance – the core issues are the same
• You must have a policy for the cloud, even if it’s just “don’t go there!”
• The unique issues of cloud based SharePoint
• The backup, auditing and security management challenges
• Dealing with external users

My Goals:
• To get you thinking
• To get you concerned
• To convince you to get started on a plan

The takeaways:
• More questions than answers! (homework!)
• A list of things to be concerned about.
• A motivation to have a plan.
• Most of your existing governance still applies.
• Office 365 is a moving target!
• The need to communicate the plan to the users of SharePoint.
• That a plan will never be complete, it will evolve as you integrate SharePoint into your enterprise, and as SharePoint Online evolves.

See you there!

 

.

7/29/2014

SharePoint 2010 Limited Access Information Leaks

 

In a recent PowerShell SharePoint Auditing class we got sidetracked on a discussion about security and the Limited Access Permission Level. I mentioned that even the names of lists and libraries can leak confidential information and that users with Limited Access permissions can often see these names. That led to a mandatory demo of the issue and a promise of a blog article with complete demo steps…

 

The Summer Co-Op said what?

You granted permissions to an innocent library like Sales Training Materials to a summer co-op. Later they ask you about plans to acquire a competitor. In a panic you check every document in that library for anything about the other company or about acquiring anything. You find nothing. You finally ask the co-op how they heard about that and they just answer "I saw it in SharePoint while looking for the training materials".


More fun security stuff!

How did they discover it? In the Quick Launch on the page for the training materials library there's a link named "Confidential: XYZ Acquisition Documents". How did they even get to see that? Limited Access.

Even worse… when they clicked the link they went to the library's page, where they could read the verbose description added by the person who created the list!

What about SharePoint 2013? 2013 has similar issues, but does hide the Quick Launch. I'll follow up with a 2013 specific article.

 

Demonstration:

Test setup:

  • Create a new site collection. (just so everything is "clean")
  • Go to Site Actions, Site Permissions, click Check Permissions and confirm that your test user currently has no access to the site.
  • Create a new library or two so you have at least two for testing. Give them fun names like "Training Documents", "Top Secret", "Department Layoff Documents", and "Confidential Mergers and Acquisitions".
  • Break inheritance on one of the more confidential libraries (Stop Inheriting Permissions button).
    • Remove all access except for the Owners group.

You now have a site with all content visible to your Owners, Members and Visitors groups… except for your test library, which only the Owners can see.

 

Test 1 – Grant a user access to the site

  • Go to Site Actions, Site Permissions and click Grant Access
  • Add your test user to the members group
  • Open a browser and login as your test user.
    • Best ways to test (in order of preference):
      • Logon from a different computer as your test user.
      • Open a different brand of browser (Firefox, Chrome, etc.) using "Run as different user".
      • Open a different brand of browser. (Firefox, Chrome, etc.)
      • In Internet Explorer use File, New Session.
  • Visit the site as the test user
    • In Quick Launch and All Site Content you should see all site content, except for the library where you broke inheritance. This user will not know that the secured library even exists. (This is probably what you expected with security trimming.)
    • If you copy and paste a URL that goes directly to the confidential library, or a file in the library, then you should get an Access Denied message.

Results:

  • User can't discover the secured content.
    • Actually, a good hacker can discover that the library exists. If they type or copy and paste the URL to a real library then they will get "Access Denied". They at least now know that the library exists. If they type a URL to a library that does not exist they will get a 404 Not Found error.
  • Users using the REST web services (see later in this article) won't discover the secured lists.

 

Test 2 – Grant a user only access to a library with broken inheritance

  • Remove any permissions granted in Test 1. Use Check Permissions to confirm that they do not have access to the site.
  • Grant your test user access to just the library (don't add them to one of the site groups!) using the "Contribute" permission level:
    • Visit the library, click the Library ribbon, click Library Settings and click Permissions for this document library
    • Break Inheritance
    • Grant the Contribute Permission Level to your test user.
  • Open a browser for your test user (see the info in Test 1) and paste in the URL to the secured library. The user should be able to see the library and the library contents.
  • Note the Quick Launch menu… All of the lists and libraries are visible!
  • Click on any of the libraries listed in Quick Launch. The user will see the library's page, but no content. While the content is secure, the user now knows that the library exists. They can see both the list title and description.

Results:

  • User can't discover the secured content, but can discover the names of all of the lists and libraries in Quick Launch.
  • The user will get Access Denied when accessing the home page.
  • The user will see all custom links and content added directly to the master page.

 

Why?

Limited Access.

If you return to the browser where you are logged on as a Site Owner and visit the libraries you will see that the user with only access to a single library actually has the Limited Access permission level to all lists and libraries.

image

Why does Sam have Limited Access to this library? Sam was given "Limited Access" to the site when he was given Contribute to the library so he could see the master page and other resources needed to display the pages for the one library he was granted access to. All of the lists and libraries currently inherit their permissions from the site, therefore they inherit Sam's Limited Access permissions.

Side effects of granting permissions to a List, Library, Folder or Item, but not to the Site:

  • User gets access to the List, Library, Folder or Item where they were directly granted permissions.
  • User can see links to all lists and libraries in Quick Launch and other links. (I.e. no security trimming in Quick Launch.)
  • User cannot see the content of the List, Library, Folder.
  • User can hand enter a URL to any list or library and confirm that the item exists. (I.e. Gets to the list or library pages, but not to the items in the list or library.)
  • User cannot visit the Site Content page. But that link is listed in their Quick Launch area and in their Site Actions. Clicking the link will display Access Denied.
  • User cannot visit any page stored in the Site Pages library. Your home page is Site Pages.
  • Your site icon may not display properly, as icons are often stored in Site Assets or another library. The same is true for any image, CSS or JavaScript stored in libraries.

 

 

What about all of the other lists not in Quick Launch?

Are they discoverable by the Limited Access user? Yes, if they can Google or Bing! SharePoint 2010 has a RESTful web service that exposes lists. While this is security trimmed, the user in the above scenarios has access to the list's name through the inherited Limited Access permissions. I.e. this is not a bug with Quick Launch, it's a "feature" of Limited Access! Here's what the user will discover from a web search:

         http://yourserver/sites/yoursite/_vti_bin/ListData.svc

That link will display via XML the list of lists and libraries!

image

SharePoint 2013 includes the above REST service plus a more generalized version.

         https://yourserver/sites/yoursite/_api/web/lists

 

The Fix?

To prevent the accidental discovery of other lists and libraries when using unique permissions on a single list or library you will need to break inheritance on every list and library and grant the appropriate access.

You will need to:

  • Break inheritance on all content lists and libraries and grant access to the appropriate groups and users. If you do this after you have granted unique permissions to a user, you will need to remove the Limited Access users from each list and library.
  • Grant View access to everyone to the Site Assets library (or wherever you store site logos, CSS and other support files) so your icons and custom branding will display correctly. "Everyone" could be a group unique to your site or department, or "NT AUTHORITY\Authenticated Users" for everyone who can logon to your networks. Granting access in any way to "NT AUTHORITY\Authenticated Users" is not generally a good practice!
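Before (and after) applying the fix above it helps to see exactly who holds only Limited Access on a site and which lists still inherit from it. The following script is an added example, not one of the article's or the book's scripts. It assumes on-premises SharePoint 2010/2013 with the SharePoint snap-in, and $webUrl is a placeholder. It relies on the fact that the "Limited Access" permission level has the SPRoleType value Guest, so a role assignment whose only binding is of that type is a Limited Access entry. Step 3 lists Limited Access entries left on lists with unique permissions; entries that back a folder or item grant inside that same list are still needed, so review before removing any.

```powershell
# Added example (not from the original article): report Limited Access
# principals on a web, the lists whose names they can discover, and leftover
# Limited Access entries on lists with unique permissions.
# Assumes the on-premises SharePoint snap-in; $webUrl is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webUrl  = "http://yourserver/sites/yoursite"          # placeholder: your site URL
$limited = [Microsoft.SharePoint.SPRoleType]::Guest    # SPRoleType of "Limited Access"

# True when a role assignment grants nothing but Limited Access.
function Test-LimitedAccessOnly($roleAssignment) {
  $bindings = $roleAssignment.RoleDefinitionBindings
  return ($bindings.Count -eq 1) -and ($bindings[0].Type -eq $limited)
}

$web = Get-SPWeb $webUrl
try {
  # 1. Principals with only Limited Access at the web level, i.e. users and
  #    groups that were granted permissions directly on a list, folder or item.
  $limitedOnWeb = $web.RoleAssignments |
    Where { Test-LimitedAccessOnly $_ } |
    Select @{Label="Principal"; Expression={$_.Member.Name}},
           @{Label="LoginName"; Expression={$_.Member.LoginName}}

  # 2. Lists and libraries still inheriting from the web: their Title and
  #    Description are readable by every principal found in step 1.
  $inheriting = $web.Lists |
    Where { -NOT $_.Hidden -AND -NOT $_.HasUniqueRoleAssignments } |
    Select Title, Description, DefaultViewUrl

  # 3. Lists with unique permissions that still carry Limited Access entries
  #    (copied from the web when inheritance was broken). Keep the ones that
  #    back a folder or item grant inside that same list.
  $leftover = $web.Lists |
    Where { -NOT $_.Hidden -AND $_.HasUniqueRoleAssignments } |
    ForEach {
      $list = $_
      $list.RoleAssignments |
        Where { Test-LimitedAccessOnly $_ } |
        Select @{Label="List"; Expression={$list.Title}},
               @{Label="Principal"; Expression={$_.Member.Name}}
    }

  "Principals with only Limited Access on $($web.Url):"
  $limitedOnWeb | Format-Table -AutoSize
  "Lists/libraries whose names and descriptions those principals can discover:"
  $inheriting | Format-Table -AutoSize
  "Limited Access entries on lists with unique permissions:"
  $leftover | Format-Table -AutoSize
}
finally {
  $web.Dispose()
}
```

Run it once before breaking inheritance on the content lists to get the list of names currently exposed, and once after to confirm that section 2 is empty (or contains only lists you intend every Limited Access user to know about).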

 

There's no end to learning SharePoint!

 

.

7/15/2014

Speaking at the Buckeye SPUG this Thursday

 

Buckeye SharePoint Users Group http://www.buckeyespug.com/SitePages/Home.aspx

July 17th - 5:30 pm @ the Microsoft Polaris Office

The Mystical SharePoint Super User and Auditor

A look into SharePoint User Policies, the creation of “super users” and how to take away powers from everyone else!

In this session we will explore SharePoint Permission Policies and User Policies to grant application wide permissions to selected users to create the often mentioned but rarely documented “Auditor” and “Super User” roles. We will also see how to use SharePoint’s only option to deny permissions to restrict even Full Control users from things like creating subsites.

See you there!

.

7/08/2014

SharePoint PowerShell–Find all Broken Inheritance

The following applies to both SharePoint 2010 and SharePoint 2013 on premises, but not to Office 365.

One of the common SharePoint tasks when you need to do a security audit, document security or clean up a farm before an upgrade, is to try to figure out where the Site Owners have broken inheritance and created unique permissions. You could visit every site, list, library, folder, list item and document, or you could let PowerShell do the work for you.

The following is one of the many scripts found in SharePoint® 2010 Security for the Site Owner and my PowerShell class "MS-55095 SharePoint 2010 and 2013 Auditing and Site Content Administration using PowerShell". (Sign up for the July class and get a free copy of the book!)
 

First find all of the Webs with broken inheritance:

Get-SPSite http://yourSiteUrl  | 
Get-SPWeb -Limit All | 
Where { $_.HasUniquePerm -AND $_.ParentWeb -NE $Null } | 
Select ServerRelativeUrl, {$_.ParentWeb.ServerRelativeUrl}

 

Then find all of the Lists and Libraries with broken inheritance:

Get-SPSite http://yourSiteUrl  | 
Get-SPWeb -Limit All | 
Select -ExpandProperty Lists |
Where { $_.HasUniqueRoleAssignments -AND -NOT $_.Hidden } | 
Select Title, ParentWebUrl

 

Then find all of the folders with broken inheritance:

Get-SPSite http://yourSiteUrl  | 
Get-SPWeb -Limit All | 
Select -ExpandProperty Lists | 
Select -ExpandProperty Folders | 
Where { $_.HasUniqueRoleAssignments } | 
Select Title, {$_.ParentList.ParentWebUrl + "/" +$_.ParentList.Title}

 

Then find all of the items with broken inheritance:

Get-SPSite http://yourSiteUrl  | 
Get-SPWeb -Limit All | 
Select -ExpandProperty Lists | 
Select -ExpandProperty Items | 
Where { $_.HasUniqueRoleAssignments } | 
Select Name, {$_.ParentList.ParentWebUrl + "/" +$_.ParentList.Title}

 

What if we wanted a nice single list as the output?

Each of the scripts above returns different kinds of columns. As PowerShell is a bit picky about what it will merge into a single column, we will have a little more work to merge everything into a single list. One solution is to build an array or collection in memory, but this could get quite large. Another solution is to dump everything into a CSV file and then open the result in Excel.

Note: The following script uses Export-CSV with the -Append parameter, which is not available in PowerShell 2.0.

Changes to the script:

  • Add something to the Selects to identify the source.
      Select "List Item", Url, {$_.Web.Url}
  • Create custom columns so all of the results have the same column names.
  • Output the results to a CSV file.
      | Export-CSV "c:\test\BrokenInheritanceReport.csv" -Append
  • Read them back and apply any needed sorting.

The following is all one script!


$siteUrl = "http://urlToYourSite"
$savePath = "c:\test\BrokenInheritanceReport.csv"

# Webs (subsites) with broken inheritance. This first Export-CSV has no -Append,
# so it creates (or overwrites) the report file.
Get-SPSite $siteUrl  | 
  Get-SPWeb -Limit All | 
  Where { $_.HasUniquePerm -AND $_.ParentWeb -NE $Null } | 
  Select @{Label="Securable"; Expression={"Web"}}, 
         @{Label="Item"; Expression={$_.ServerRelativeUrl}}, 
         @{Label="Parent"; Expression={$_.ParentWeb.ServerRelativeUrl}} |
  Export-CSV $savePath

# Lists and libraries with broken inheritance (hidden lists skipped).
# -Append adds the rows to the file created above, using the same column names.
Get-SPSite $siteUrl  | 
  Get-SPWeb -Limit All | 
  Select -ExpandProperty Lists | 
  Where { $_.HasUniqueRoleAssignments -AND -NOT $_.Hidden } | 
  Select @{Label="Securable"; Expression={"List"}}, 
         @{Label="Item"; Expression={$_.Title}}, 
         @{Label="Parent"; Expression={$_.ParentWebUrl}} |
  Export-CSV $savePath -Append

# Folders with broken inheritance. The PublishedFeedList (the social feed list)
# is skipped as its contents are not useful here.
Get-SPSite $siteUrl  | 
  Get-SPWeb -Limit All | 
  Select -ExpandProperty Lists | 
  Where { -NOT $_.Hidden -AND $_.EntityTypeName -NE "PublishedFeedList" } | 
  Select -ExpandProperty Folders | 
  Where { $_.HasUniqueRoleAssignments } | 
  Select @{Label="Securable"; Expression={"Folder"}}, 
         @{Label="Item"; Expression={$_.Title}}, 
         @{Label="Parent"; Expression={$_.ParentList.ParentWebUrl + "/" +$_.ParentList.Title}} | 
  Export-CSV $savePath -Append

# Items and documents with broken inheritance.
Get-SPSite $siteUrl  | 
  Get-SPWeb -Limit All | 
  Select -ExpandProperty Lists | 
  Where { -NOT $_.Hidden -AND $_.EntityTypeName -NE "PublishedFeedList" } | 
  Select -ExpandProperty Items | 
  Where { $_.HasUniqueRoleAssignments } | 
  Select @{Label="Securable"; Expression={"Item"}}, 
         @{Label="Item"; Expression={$_.Name}}, 
         @{Label="Parent"; Expression={$_.ParentList.ParentWebUrl + "/" +$_.ParentList.Title}} | 
  Export-CSV $savePath -Append

# Read the merged report back, sorted by parent.
Import-CSV  $savePath | Sort Parent | Select *
# or open the CSV file in Excel and sort there.
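The four pipelines above can be folded into a single walk of the site collection, and for an audit it is usually the next question that matters: not just where inheritance is broken, but who was granted what there. The following is an added example, not one of the article's or the class's scripts. It assumes the on-premises SharePoint snap-in, and $siteUrl and $savePath are placeholders. One row is emitted per role assignment so the CSV stays flat; the Securable, Item and Parent columns match the article's report, and Principal and Levels are added.

```powershell
# Added example (not from the original article): one function that walks a
# site collection and emits a uniform record for every securable with unique
# permissions, one row per role assignment, with the permission levels held.
# Assumes the on-premises SharePoint snap-in; $siteUrl and $savePath are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-UniquePermissionRecord($Securable, $Kind, $Item, $Parent) {
  # One row per role assignment; Levels joins the permission level names.
  foreach ($ra in $Securable.RoleAssignments) {
    $levels = ($ra.RoleDefinitionBindings | Select -ExpandProperty Name) -join ";"
    New-Object PSObject -Property @{
      Securable = $Kind
      Item      = $Item
      Parent    = $Parent
      Principal = $ra.Member.LoginName
      Levels    = $levels
    }
  }
}

function Get-BrokenInheritanceReport([string]$SiteUrl) {
  $site = Get-SPSite $SiteUrl
  try {
    foreach ($web in $site.AllWebs) {
      # Subsites with unique permissions (the root web always has its own).
      if ($web.HasUniquePerm -and $web.ParentWeb -ne $null) {
        Get-UniquePermissionRecord $web "Web" $web.ServerRelativeUrl $web.ParentWeb.ServerRelativeUrl
      }
      foreach ($list in $web.Lists) {
        if ($list.Hidden) { continue }
        $listPath = $list.ParentWebUrl + "/" + $list.Title
        if ($list.HasUniqueRoleAssignments) {
          Get-UniquePermissionRecord $list "List" $list.Title $list.ParentWebUrl
        }
        # Skip the social feed list before enumerating folders and items.
        if ($list.EntityTypeName -eq "PublishedFeedList") { continue }
        foreach ($folder in $list.Folders) {
          if ($folder.HasUniqueRoleAssignments) {
            Get-UniquePermissionRecord $folder "Folder" $folder.Title $listPath
          }
        }
        foreach ($item in $list.Items) {
          if ($item.HasUniqueRoleAssignments) {
            Get-UniquePermissionRecord $item "Item" $item.Name $listPath
          }
        }
      }
      $web.Dispose()
    }
  }
  finally {
    $site.Dispose()
  }
}

$siteUrl  = "http://urlToYourSite"                    # placeholder
$savePath = "c:\test\BrokenInheritanceReport.csv"     # placeholder

Get-BrokenInheritanceReport $siteUrl |
  Select Securable, Item, Parent, Principal, Levels |  # fix the column order (hashtables are unordered)
  Export-CSV $savePath -NoTypeInformation

Import-CSV $savePath | Sort Parent, Item | Format-Table -AutoSize
```

Because everything comes out of one function, there is no need for -Append, so this form also works on PowerShell 2.0. On large libraries the $list.Items loop is as expensive as the article's version; run it off-hours on big farms.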

7/04/2014

New Book and New Class!

New book: SharePoint® 2010 Security for the Site Owner

I was always looking for a SharePoint security resource to point people to. I found content for server administrators and for developers, but nothing for site owners. Finally I decided I could quickly put together a little book on the topic. Little did I know just how much I would end up writing, testing and rewriting to get this thing done!

It only took 2½ years to complete! Work on this book started with the creation of my blog site in 2007. Or maybe it started in 2006 with the students in my SharePoint classes when they asked questions about the obvious and not so obvious SharePoint security features. The actual writing started 2½ years ago.

Why a 2010 book in 2014? It took that long to write it. (I'm both slow and busy!) But… give me a few weeks and then you can get the 2013 version of the book.

You can order it now from Amazon.

 

New Class: MS-55095 SharePoint 2010 and 2013 Auditing and Site Content Administration using PowerShell

Starting with the PowerShell chapter from the security book, and adding another 100 or so scripts, I now have a class for on premises SharePoint 2010 and 2013 administrators, auditors and governance teams who need to query just about anything in SharePoint. The class handout is effectively a cheat sheet with over 175 PowerShell scripts plus the general patterns to create your own scripts.

For all of the details of the class see here: http://techtrainingnotes.blogspot.com/2014/06/new-sharepoint-powershell-course.html

For class schedules see here: http://www.maxtrain.com/Classes/ClassInfo.aspx?Id=119394 or call MAX Technical Training at 513-322-8888. This class is available both in Cincinnati, and remotely from anywhere. This class will soon be available to all Microsoft training centers as course 55095AC.

You will need core PowerShell skills for this class, so I'd recommend having attended either of these two classes: MS-10961 Automating Administration with Windows PowerShell or MS-50414 Powershell v2 for Administrators, or equivalent.

Bonus! When you register for the class, tell them that you heard about it from Mike, and we will get you a free copy of the security book!

 

.

6/26/2014

Cincinnati SPUG – 6/26 – MVP Paul Stork Speaking about Yammer

 

MVP Paul Stork will be speaking at tonight's SharePoint user group. We will have pizza and door prizes at the meeting, and for those who cannot make it out, we will have remote access available for the first 20 people connecting.

 

SharePoint 2013 – Restoring the 2010 Navigate Up Crumb Trail Button

 

2007

SharePoint 2007 had the nice complete "bread crumb trail" across the top of every page:

    image

2010

SharePoint 2010 removed those and gave us a very limited, library relative, crumb trail which has gaps if too long:

    image

As a compromise, 2010 gave us a little button / dropdown called Navigate up to make up for the missing crumb trail:

    image

2013

What Microsoft giveth, Microsoft takes away. No more crumb trails in 2013!  I think 2013 users are supposed to only "Follow" or search for sites. :-)

Actually… the Navigate up button is still there, but it's been hidden! It's just between the site logo and the Top Link Bar. All you need to do is make two quick changes to your master page, and the crumb trail is back!

In the example below I'm in a subsite named Sales Training and I've drilled down into a library with a bunch of folders looking for the 2014 schedules. In two clicks I can quickly jump up to a higher level folder, library or site.

Site with the restored Navigate Up button:

    image

 

Get back the crumb trail!

The steps:

  1. Open your site in SharePoint Designer 2013.
  2. In the left panel click Master Pages.
  3. Click your master page (probably Seattle.Master for a typical Team Site).
  4. Click Edit File.
  5. Search for "breadcrumbdropdown".
    image
    (If you don't find it, you may be working with a customized or branded master page.)
  6. Make two edits…
    1. In the line above change display:none to display:inline
    2. Two lines down change Visible="false" to Visible="true"
  7. Save the master page, and if prompted, click Yes.
  8. Return to your site and refresh the page!

 

.

6/19/2014

Cincinnati SPUG – 6/26 – Paul Stork Speaking about Yammer

 

Next meeting: June 26th, 2014    Please register at TechLife Cincinnati

Topic:  Yammer

One of the biggest investments Microsoft made in SharePoint 2013 was in the area of "Social" collaboration.  Yet, just before SharePoint 2013 launched Microsoft announced that they had purchased Yammer, another popular "Social" collaboration system.  Since then Microsoft has announced a road map to integrate the cloud based Yammer functionality into both SharePoint Online (Office 365) and traditional SharePoint on-premises. In this talk we will examine the questions
  - What is Yammer? 
  - How is it different from SharePoint "Social" features?
  - How do I use it?
  - What is the state of integration available today for both Office 365 and SharePoint On-premises?

Speaker:  Paul Stork

Paul Stork is a Microsoft SharePoint MVP and MCM who works as a Principal Architect at Blue Chip Consulting based in Cleveland.  He has an MBA from the Weatherhead School of Management and holds a myriad of Microsoft certifications including being a SharePoint 2013 Solutions Expert, Systems Engineer, Solutions Architect, Developer, Database Admin, IT Professional and Professional Developer.  He is an author and/or contributor on several SharePoint books and is a well-known contributor to the SharePoint community. 

And of course... there will be food, door prizes and networking!

We've got books, gadgets and toys! 

http://www.CincinnatiSPUG.org

6/18/2014

Merging Two PowerShell Collections into One Output

 

In SharePoint, users and groups are both security principals, and both share some common properties. One property, ID, is interesting as it is unique and never duplicated between the lists of users and groups. I.e. if there is a user with an ID of 5 then there is never a group with an ID of 5.

In PowerShell there are two separate properties for users and groups, but I wanted to merge the two into one sorted list. Turns out, as long as both Select statements return columns with the same names, then they can be "added" to get a merged result.

 

Example: Users and Groups

$users = $web.SiteUsers | Select Id, Name
$groups = $web.Groups | Select Id, Name
$users + $groups | Sort Id

image

If you wanted to do it all in one line, then use a few parentheses:

($web.SiteUsers | Select Id, Name)  +  ($web.Groups | Select Id, Name) | Sort Id

What if the column names don't match (but have similar data types)? You will need to create a PowerShell custom column. In the example below I wanted to use the user's DisplayName property instead of the Name property so I had to create a custom column named "Name" to match the "Name" property in the groups Select.

$users = $web.SiteUsers | Select Id, @{Label="Name"; Expression={$_.DisplayName}}
$groups = $web.Groups | Select Id, Name
$users + $groups | Sort Id
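The same merge, as an added example that is not part of the original post, using constructed user and group objects so it runs in any PowerShell session without SharePoint. It goes one step further than the post by adding a Type column so you can tell users from groups in the merged list, and it shows the one case where the "+" trick fails: when a Select returns a single object, that object is not an array and has no "+" operator, so the arrays are wrapped in @() first. The names and IDs are made up.

```powershell
# Added example (not from the original post): merge two collections that share
# column names, using constructed objects instead of $web.SiteUsers / $web.Groups.
$siteUsers = @(
  New-Object PSObject -Property @{ Id = 5;  DisplayName = "Sam Summer";  Name = "i:0#.w|contoso\sam" }
  New-Object PSObject -Property @{ Id = 12; DisplayName = "Mike Smith";  Name = "i:0#.w|contoso\mike" }
)
$siteGroups = @(
  New-Object PSObject -Property @{ Id = 3;  Name = "Team Site Owners" }
  New-Object PSObject -Property @{ Id = 8;  Name = "Team Site Members" }
)

function Merge-Principals($users, $groups) {
  # Both Selects produce the same column names (Id, Name, Type); the custom
  # "Name" column maps the user's DisplayName onto the group's Name column.
  # @() guarantees an array even when a Select returns one (or zero) objects.
  $u = @($users  | Select Id, @{Label="Name"; Expression={$_.DisplayName}},
                          @{Label="Type"; Expression={"User"}})
  $g = @($groups | Select Id, Name, @{Label="Type"; Expression={"Group"}})
  $u + $g | Sort Id
}

Merge-Principals $siteUsers $siteGroups | Format-Table Id, Name, Type -AutoSize

# The single-element case: without @(), "$one + ..." fails because a lone
# PSObject cannot be added to anything. With @() it merges as expected.
$one = $siteUsers[0] | Select Id, Name
@($one) + @($siteGroups | Select Id, Name) | Sort Id
```

To use it against a real site, replace the two constructed arrays with $web.SiteUsers and $web.Groups; nothing else changes.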

 

.

Note to spammers!

Spammers, don't waste your time... all posts are moderated. If your comment includes unrelated links, is advertising, or just pure spam, it will never be seen.